CVE-2026-25702
Published: 05 March 2026
Summary
CVE-2026-25702 is a high-severity Improper Access Control (CWE-284) vulnerability in SUSE Linux Enterprise Server. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Disable or Modify System Firewall (T1686). It ranks at the 10.3 percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SC-7 (Boundary Protection).
Deeper analysis
CVE-2026-25702 is an Improper Access Control vulnerability (CWE-284) in the kernel of SUSE Linux Enterprise Server 12 SP5. The flaw causes nftables to break, rendering firewall rules applied via nftables ineffective. It affects SUSE Linux Enterprise Server kernel versions from commit 9e6d9d4601768c75fdb0bad3fbbe636e748939c2 before commit 9c294edb7085fb91650bc12233495a8974c5ff2d.
The vulnerability has a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L), indicating it is exploitable remotely over the network with low attack complexity, no privileges or user interaction required, and unchanged impact scope. Attackers can achieve limited effects on confidentiality, integrity, and availability by bypassing nftables-enforced firewall rules.
SUSE's advisory details mitigation, with the fix introduced at kernel commit 9c294edb7085fb91650bc12233495a8974c5ff2d. Security practitioners should update affected SUSE Linux Enterprise Server 12 SP5 systems to incorporate this patch, as referenced in https://bugzilla.suse.com/show_bug.cgi?id=CVE-2026-25702.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-9793
Vulnerability details
An Improper Access Control vulnerability in the kernel of SUSE Linux Enterprise Server 12 SP5 breaks nftables, causing firewall rules applied via nftables to not be effective. This issue affects SUSE Linux Enterprise Server: from 9e6d9d4601768c75fdb0bad3fbbe636e748939c2 before 9c294edb7085fb91650bc12233495a8974c5ff2d.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability directly breaks nftables enforcement, allowing remote bypass of system firewall rules with no privileges required; this maps precisely to disabling or modifying the system firewall to evade network controls.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
- Directly enforces approved authorizations on system resources; the CVE is a kernel-level failure of nftables access-control enforcement that allows unauthorized network flows.
- Requires boundary-protection mechanisms such as host-based firewalls; the CVE renders the nftables boundary ineffective, permitting bypass of intended ingress/egress controls.
- Mandates timely installation of security-relevant patches; the only corrective action for this kernel flaw is application of the fix at commit 9c294edb7085fb91650bc12233495a8974c5ff2d.